4 December 2023

A data breach recently occurred at Leiden University. We deeply regret that this data breach happened. Due to human error, files containing personal data were placed in a SharePoint environment that was accessible to all Leiden University staff. This may have resulted in unlawful access, with staff being able to view these files. Leiden University staff are bound by confidentiality.

Measures taken

The first step taken was to close the SharePoint environment to ensure the files are no longer accessible to all staff. The Privacy Office and the Security Office then launched an investigation into the data breach. The log files were used to check whether the documents that had been accessed contained personal data. The personal data found determined the impact on the data subjects. The investigation is in its final stages. All data subjects to whose rights and freedoms the data breach is likely to pose a high risk have been informed in a letter. If you have not received such a letter, then your personal data was not involved in the data breach or there is no substantial risk to your rights and freedoms. The data breach was reported to the Data Protection Authority by Leiden University.

In addition to the aforementioned investigation into the data involved, a separate investigation is also underway into possible areas of improvement following this data breach.

Questions?

If you need more information about the processing of your personal data or have any questions about this data breach, please contact the Privacy Office or the Data Protection Officer at: privacy@bb.leidenuniv.nl.

We deeply regret this data breach and can assure you that we will do everything possible to prevent similar breaches in the future.